
Here is what I know right now. I had a brand new credit card get hacked the day after I set it up in PayPal. I decided to change from Avast free to Kaspersky Total Security and it notified that I was on an unsecured public network. Knowing I used a Private WPA2 network I knew something was wrong, but when I logged into the network my user id and password were no longer valid. This happened to me about 6 months earlier so I just figured, but I know I didn't, forgot the router's user ID and password. Unfortunately I didn't change the user ID and password and that may have contributed to my much bigger issue. Anyway I did a factory reset on the router, changed the user ID and came up with a super complex password. I also installed the latest firmware on the router.

I'm now in the process of scanning all of my computers looking for some type of malware, trojan, bot...anything, but the scanners are not finding anything. I did a factory reset on my laptop but it couldn't be completed because the factory recovery partition has been corrupted. All of the scans have completed very quickly and seemed to skip over large sections of objects.

I'm waiting on doing my son's computer until his finals are over, but I did begin working on my daughter's. I got the OS reinstalled, but when I click on IE explorer to get my AV installed it instantly redirected me to the following site:

I know this isn't correct so I stopped what I was doing and tried to post here, but bleeping computer would install with errors and never display anything. I was able to get to ESET online site on this computer, but the scan ran very quickly (started at 40%) and didn't find anything. Malwarebytes also skipped over large sections of objects.

Right now I have everything other than my Apple devices (iPads and iPhones) off the network, except for 1 laptop so I can communicate with the experts.

I'm going to post the 2 computers separately to ensure the logs stay separated. Attached to this is the log for my MAIN laptop where the factory restore partition was corrupted. I don't know if we want to tackle the second computer (DAUGHTER) at this time, but I will do a reply with that log just in case to keep them separated. This is the laptop that was factory restored but still not behaving properly.

Some files in TEMP:
====================
C:\Users\Scott\AppData\Local\Temp\{B3F7DEA6-9349-4C8F-AB16-B22E9ACA6A65}-45.0.2454.85_44.0.2403.157_chrome64_updater.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.

Double click on the FRST icon and allow it to run.

Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.

Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.

Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.

Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.

If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).

The scan may take some time to finish, so please be patient.

If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.

While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.

The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR MY REVIEW.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

P.S. Nothing suspicious was found on your daughter's computer. You can do the MBAM, Adwcleaner and reset the computer on that computer also. However I do not want to see any logs for that computer. If the problem persists I suggest you start a new topic for it. We do not service 2 computers on the same topic.

I would also like to know if these computers are or were connected to a router.

I will run the requested scans on our main laptop as you requested in the next day.

All of these laptops were connected to the router when it was changed from personal to a public connection. The router and cable modem have since been reset to factory defaults, latest firmware installed on my Asus N66U, new user ID and password assigned, and new SSID and passwords for both bands. I have not put either of these computers back on the network since.

The main laptop does have some weird partitions that I never set up and I don't recognize.

No, I haven't put the computer back on the network. I'm actually afraid to after my credit cards got hacked twice in less than a week. Maybe it was due to someone getting behind my router's firewall, but I don't know for sure. I tried to do a factory reinstall of windows but the partition was corrupted in the last 6 months since I did it the last time. I didn't know if someone could change my router settings to public network, could they also get into the computers and place malware deep into the OS or even place it into a partition that these tools cannot see? I don't know if malware can do this but could there be code that sends out a ping signal on one of the computers that would allow someone to get back into my router settings and change them?

All of the computers that were connected have some weird partitions on them that I don't recognize. When you combine that with the factory partition on this one being corrupted hopefully you can see my concern.